[英]Staying in same page, after inserting data in MySQL using PHP using POST method
我有一个简单的问题,但我不知道该如何克服。
这是我的表格页面
<div id="register">
<table border="0" cellpadding="0" cellspacing="0" align="center" width="1000px" >
<tr>
<td height="300px" width="300px" align="center">
</td>
<td height="300px" width="400px" align="center" background="Images/panel2.png">
<form action="reg_conn.php" method="post">
<FIELDSET>
<LEGEND>Register</LEGEND><P>
<table width="350px" cellpadding="0" cellspacing="0" border="0" align="center">
<tr>
<td align="center" width="50px"/>
<td align="center" width="100px">
<label for="username" >UserName:</label>
</td>
<td align="center" width="50px"/>
<td align="center" width="100px">
<input type="text" name="username" class="textfield"/>
</td>
<td align="center" width="50px"/>
</tr>
<tr>
<td colspan="5" align="center" height="10px"/>
</tr>
<tr>
<td align="center" width="50px"/>
<td align="center" width="100px">
<label for="name" >Name:</label>
</td>
<td align="center" width="50px"/>
<td align="center" width="100px">
<input type="text" name="name" class="textfield"/>
</td>
<td align="center" width="50px"/>
</tr>
<tr>
<td colspan="5" align="center" height="10px"/>
</tr>
<tr>
<td align="center" width="50px"/>
<td align="center" width="100px">
<label for="email" >Email:</label>
</td>
<td align="center" width="50px"/>
<td align="center" width="100px">
<input type="text" name="email" class="textfield"/>
</td>
<td align="center" width="50px"/>
</tr>
<tr>
<td colspan="5" align="center" height="10px"/>
</tr>
<tr>
<td align="center" width="50px"/>
<td align="center" width="100px">
<label for="password" >PassWord:</label>
</td>
<td align="center" width="50px"/>
<td align="center" width="100px">
<input type="password" name="password" class="textfield"/>
</td>
<td align="center" width="50px"/>
</tr>
<tr>
<td colspan="5" align="center" height="10px"/>
</tr>
<tr>
<td align="center" width="50px"/>
<td align="center" width="100px">
<label for="security_q" >Security Question:</label>
</td>
<td align="center" width="50px"/>
<td align="center" width="100px">
<select name="security_q" class="dropdown" style="width: 100px" >
<option value="My 1st Teacher">My 1st Teacher</option>
<option value="My 1st Pet">My 1st Teacher</option>
<option value="My 1st Crush">My 1st Crush</option>
</select>
</td>
<td align="center" width="50px"/>
</tr>
<tr>
<td colspan="5" align="center" height="10px"/>
</tr>
<tr>
<td align="center" width="50px"/>
<td align="center" width="100px">
<label for="security_a" >Security Answer:</label>
</td>
<td align="center" width="50px"/>
<td align="center" width="100px">
<input type="text" name="security_a" class="textfield"/>
</td>
<td align="center" width="50px"/>
</tr>
<tr>
<td colspan="5" align="center" height="10px"/>
</tr>
<tr>
<td align="center" width="50px"/>
<td align="center" width="250px" colspan="3">
<input type="submit" class="button" style="width: 200px; height: 20px;" />
</td>
<td align="center" width="50px"/>
</tr>
</table>
</FIELDSET>
</form>
</td>
<td height="300px" width="300px" align="center"/>
</tr>
</table>
</div>
我的reg_conn.php文件如下:
<?php
include('connection.php');
$sql="INSERT INTO candidate_register_table (username, name, email, password, security_q, security_a)
VALUES
('$_POST[username]','$_POST[name]','$_POST[email]','$_POST[password]','$_POST[security_q]','$_POST[security_a]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con);
?>
现在,当我提交时,页面将重定向到reg_conn.php文件。 我不要那个 我想留在上一页。 如何才能做到这一点?
您要查找的内容称为Post-Redirect-Get 。 成功提交到数据库后,您可以将浏览器重定向回最终目标。
首先是第一件事,防止注入攻击:
include('connection.php');
$username = mysql_real_escape_string($_POST['username']);
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
$securityq = mysql_real_escape_string($_POST['security_q']);
$securitya = mysql_real_escape_string($_POST['security_a']);
// Use filtered values here, never direct from $_POST!!!!!
$sql="INSERT INTO candidate_register_table (username, name, email, password, security_q, security_a)
VALUES ('$username','$name','$email','$password','$security_q','$security_a')";
if (!mysql_query($sql,$con))
{
// Don't die(). Instead redirect with error.
$err=1;
}
mysql_close($con);
// Set an error parameter if there was a problem...
// this is optional, since a failure of mysql_query() would indicate a code problem
// rather than a problem with the user's input.
if (isset($err)) {
// And redirect back to the form with the error in the querystring
header("Location: http://example.com/form.php?err=1");
exit();
}
else {
// No error...
// And redirect back to the form...
header("Location: http://example.com/form.php");
exit();
}
在表单页面上,如果您想向用户显示错误,则可以执行以下操作:
if (isset($_GET['err'])) {
echo "an error occurred...";
}
更健壮的实现方式是将错误消息设置为$_SESSION
,然后在屏幕上显示后将其unset()
set unset()
。
您可以根据需要在一个页面上进行表单演示和提交处理:
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
... process form data here ...
}
?>
.... html form goes here ...
这样,提交完成后,表单将再次显示,并且用户将停留在相同的URL。
$field_name = mysql_real_escape_string($_POST['field_name']);
$sql = sprintf("INSERT INTO `table_name`(`field_name`)VALUES('$field_name')");
$que = mysql_query($sql);
if(!$que)
{
echo "No";
}
else
{
header("location:../yourpage.php");
}
您可以使用此代码进行重定向。
(“位置:../ yourpage.php”)
将yourpage.php更改为页面名称,以便在数据插入后重定向到该页面。
请遵循Saswat关于SQL注入的评论。
您可以在mysql_close($ con);之后添加以下行:
header('Location: http://www.YOURWEBPAGE.com');
那将重定向到您选择的页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.